Below is my pf.conf which I put together reading the man page and googling around.
It seems to work fine, I'm using it since quite a few months. I have a restricted user "amule" which I use to run amule (rarely, actually), do the lines in my pf.conf make sense (it seems they do, I remember trying to changing them and thus blocking amule traffic).
I use this computer basically as a desktop, but is on 24h/day, so, I need it to be safe.
In google I found this script to block brute-force attacks, which works very well:

ext_if="gem0"
ssh= "{ 22 }"
table <ssh-violations> persist file "/etc/ssh-violations"
# options
set block-policy drop
set state-policy if-bound
set loginterface $ext_if
set optimization normal
set skip on lo0
# scrub
scrub in on $ext_if all
pass quick on lo0 all
antispoof for $ext_if
block in log all
block out all
block in quick log from <ssh-violations> to any
pass on $ext_if proto tcp from any to any port $ssh
pass on $ext_if proto tcp from any to any port 4662 user amule
pass on $ext_if proto udp from any to any port 4665 user amule
pass on $ext_if proto udp from any to any port 4672 user amule
pass on $ext_if proto tcp from any to any port 4712 user amule
pass on $ext_if proto tcp from any to any port 4661 user amule
pass out quick on $ext_if inet
martians = "{ 127.0.0.0/8, 172.16.0.0/12, \
10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, \
0.0.0.0/8, 240.0.0.0/4 }"
block drop in quick on $ext_if from $martians to any
block drop out quick on $ext_if from any to $martians

# internet connected interface
ext_if="gem0"
table <ssh-violations> persist file "/etc/ssh-violations"
table <martians> const persist { 127/8, 192.168/16, 172.16/12, 10/8, 0/8, \
169.254/16, 192.0.2/24, 240/4 }
# options
set block-policy drop
set loginterface $ext_if
set skip on lo0
# scrub
scrub in on $ext_if all
# antispoof
antispoof for $ext_if
# catch-all
block in log all
block out all
# block evil people
block in log quick from <ssh-violations> to any
block in quick on $ext_if from <martians> to any
block out quick on $ext_if from any to <martians>
# allow ssh connections
pass in on $ext_if proto tcp from any to any port ssh
# AMule incoming
pass in on $ext_if proto tcp from any to any port 4662 user amule
pass in on $ext_if proto udp from any to any port 4665 user amule
pass in on $ext_if proto udp from any to any port 4672 user amule
# pass out all traffic
pass out on $ext_if inet all

Hope it helps, I do recommend reading the OpenBSD pf FAQ, and perhaps buying Peter NM Hansteen's new PF book.